More patches for QuickTime

**Glaswegian** · 04-03-2008, 02:20 PM

Apple released 11 patches for its QuickTime multimedia program on Wednesday, fixing a variety of problems that could allow a hacker to execute malicious code on a machine.

It's at least the sixth time Apple has patched QuickTime since October last year, as researchers and hackers have been closely examining media players for vulnerabilities. As operating systems have become more secure, vulnerabilities in applications have become a favoured route to break into a PC.

The patches address security issues, enhance reliability and improve the compatibility of QuickTime with third-party applications, Apple said.

Apple credited identification of more than half of the problems described to TippingPoint, a security vendor that runs Zero Day Initiative, a program that rewards researchers for finding vulnerabilities.

Many of the problems with QuickTime occur when the application opens a movie that has been specially crafted to take advantage of flaws in the software. Several of the vulnerabilities are buffer overflows, where a problem with an application's use of memory can be exploited in order to run other code.

The up-to-date version of QuickTime is now 7.4.5. Apple's Software Update function will download the new patches for computers running Windows and Apple's Mac OS X.

http://www.techworld.com/security/ne...S&NewsID=11883

04-03-2008, 02:20 PM	#1 (permalink)
Glaswegian Moderator/ Rangemaster TSF Academy; Analyst, Security Team; Oor Wullie; TSF Surgeon and Resident Comic Join Date: Sep 2005 Location: Glasgow Posts: 21,678 OS: Win XP Pro SP3 My System Blog Entries: 10	More patches for QuickTime Apple released 11 patches for its QuickTime multimedia program on Wednesday, fixing a variety of problems that could allow a hacker to execute malicious code on a machine. It's at least the sixth time Apple has patched QuickTime since October last year, as researchers and hackers have been closely examining media players for vulnerabilities. As operating systems have become more secure, vulnerabilities in applications have become a favoured route to break into a PC. The patches address security issues, enhance reliability and improve the compatibility of QuickTime with third-party applications, Apple said. Apple credited identification of more than half of the problems described to TippingPoint, a security vendor that runs Zero Day Initiative, a program that rewards researchers for finding vulnerabilities. Many of the problems with QuickTime occur when the application opens a movie that has been specially crafted to take advantage of flaws in the software. Several of the vulnerabilities are buffer overflows, where a problem with an application's use of memory can be exploited in order to run other code. The up-to-date version of QuickTime is now 7.4.5. Apple's Software Update function will download the new patches for computers running Windows and Apple's Mac OS X. http://www.techworld.com/security/ne...S&NewsID=11883 __________________ Iain - Defender of the Haggis and all things Scottish. I don't help by PM - post in the Forums. Ad-Aware::SpywareBlaster::SpyBot::SpywareGuard::SnoopFree::AVG Free::HOSTS File::HijackThis::Donate::5 Steps For Infected PCs